Security Alerts and Updates

  Latest Security Updates for Apple Software
•  AV Mac Security Test and Review 2019
•  AV Security Software Summary Report 2019

February, 2020  (Click listings for more information) .
19  Microsoft rolls out new Windows 10 optional update choice.
19  Windows 10 KB4532693 update bug deletes user files.
19  SMS attack spreads Emotet, steals bank credentials.
19  Latest tax scams target apps and tax-prep websites.
18  Still running Win10 v1809 or earlier? Watch out for KB 4023057!
18  .NET Core non-security updates 2.1.16, 3.0.3, and 3.1.2 are out.
18  Ring forces 2FA on all users to secure cameras from hackers.
18  Firefox 73.0.1 released with fixes for Linux, Windows crashes.
18  AZORult malware infects victims via fake ProtonVPN installer.
18  Lenovo, HP, Dell peripherals face unpatched firmware bugs.
17  Microsoft Surface Laptop 3 screens are spontaneously cracking.
17  Windows 10 users affected by shutdown bug, how to fix.
16  John Opdenakker’s Weekly Security Newsletter.
16  This Week in Security – by Zack Whittaker.
16  Windows 10X to feature faster updates, Win32 apps support.
15  Microsoft pulls KB 4524244 and KB 4502496 from the Catalog.
14  OpenSSH adds support for FIDO/U2F security keys.
14  There’s finally a way to remove Android malware xHelper.
14  Surface Book and Book 2 get a handful of driver updates.
14  The Week in Ransomware – Targeting MSPs.
14  IRS urges taxpayers to enable multi-factor authentication.
14  Mobile phishing campaign spoofs major banks websites.
14  Windows 10 update causes freezes, installation issues.
13  Trojan is being distributed through malicious spam campaigns.
13  Win10 1903 & 1909 update causing desktops to disappear.
13  Malicious Chrome extensions removed from the Web Store.
13  SweynTooth bug affects hundreds of Bluetooth products.
12  Windows 10 update bug hides user data, loads wrong profile.
12  Patch Tuesday “fixes” are out – by Woody Leonhard.
12  Microsoft releases Office updates with security fixes.
11  Amex, Chase fraud protection emails used as phishing lure.
11  Microsoft’s February Patch Tuesday fixes 99 flaws, IE 0day.
11  Win10 cumulative updates KB4532693 & KB4532691 released.
11  Here’s what’s new for Windows 8.1 this Patch Tuesday.
11  Adobe releases the February 2020 Security Updates.
11  Dashlane password manager removed from Chrome Web Store.
11  Firefox 73 released with security fixes, new DoH provider.
10  Dell SupportAssist bug exposes business, home PCs to attacks.
10  Active PayPal phishing scam targets SSNs, passport photos.
10  Patch Tuesday’s tomorrow, enable ‘Pause Updates’.
10  Fix is in place for most users for Windows 10 search issue.
09  This Week in Security – by Zack Whittaker.
08  The Week in Ransomware – Exploiting Drivers.
08  Lock My PC used by tech support scammers, dev offers fix.
08  Win10 1903/1909 patch KB 4532695 having a host of problems.
07  Microsoft releases Windows 7 update to fix wallpaper bug.
07  Windows 7 users can’t shut down their PCs, how to fix.
07  Microsoft releases Edge browser version 80 to general public.
07  Emotet hacks nearby Wi-Fi networks to spread to new victims.
07  Magecart gang attacks Olympic ticket reseller and others.
06  Google fixes security flaw in Android’s Bluetooth component.
06  Phishing attack disables Google Play Protect, drops Trojan.
06  Oscar nominated movies featured in phishing, malware attacks.
06  Wacom drawing tablets track every app you open.
06  BEC scammers’ interest in the real estate sector rises.
06  Philips smart light allowed hacking of devices on the network.
05  When Your Used Car is a Little Too ‘Mobile’.
05  Medicaid CCO vendor breach exposes health, personal info.
05  WhatsApp bug allows malicious code-injection, one-click RCE.
05  Windows 10 Search is broken and shows blank results.
04  Realtek fixes DLL hijacking flaw in HD audio driver for Windows.
04  Chrome 80 released with 56 security fixes, cookie changes.
04  Emotet gets ready for tax season with malicious W-9 forms.
04  Two critical Android bugs get patched in February update.
04  Medtronic patches implanted device, CareLink programmer bugs.
04  Google bug sent private Google Photos videos to other users.
04  Windows 10 botched update causes internet & sound issues.
03  Google cuts Chrome ‘patch gap’ in half, from 33 to 15 days.
03  New EmoCheck tool checks if you’re infected with Emotet.
03  Twitter fixed flaw exploited to match phone numbers to accounts.
02  John Opdenakker’s Weekly Security Newsletter.
02  This Week in Security – by Zack Whittaker.
02  Patch Lady – don’t install optional updates.
02  Pirated software is all fun and games until your data’s stolen.
01  Firefox shows what telemetry data it’s collecting about you.
01  Spamhaus phishing scam warns you’re on an email block list.
01  Coronavirus phishing attacks are actively targeting the US.
01  Win10 version 1909 File Explorer search box still buggy.

January, 2020  (Click listings for more information) .
31  The Week in Ransomware – Taking it to The Courts.
31  Intel Microcodes for Windows 10 released to fix CPU bugs.
30  Microsoft detects Evil Corp malware attacks after short break.
30  Surface Pro 7 & Laptop 3 get firmware and driver updates.
30  TrickBot uses Windows 10 UAC bypass to launch quietly.
30  Coronavirus campaigns spread Emotet, malware.
30  Avast shuts down Jumpshot that was selling user’s data.
30  Dell, HP memory-access bugs open path to kernel privileges.
29  Sprint Exposed Customer Support Site to Web.
29  TrickBot malware tries to Trump security software.
29  Can’t update Surface Dock firmware on Surface Pro X.
29  FBI warns of Social Security scams spoofing its phone number.
28  Ubuntu invites Windows 7 users with Linux switch guides.
28  All major antivirus vendors will continue to support Windows 7.
28  Windows 10 updates released for versions 1903 & 1909.
28  Wawa breach may have compromised millions of payment cards.
28  Ring Android app sent sensitive user data to trackers.
28  Apple Releases Multiple Security Updates.
27  Windows 7 to get post end of life update to fix wallpaper bug.
27  Enormous trove of Avast-gathered data being sold.
26  John Opdenakker’s Weekly Security Newsletter.
26  This Week in Security – by Zack Whittaker.
26  Microsoft’s IE zero-day fix is breaking Windows printing.
25  Chrome Web Store is facing a wave of fraudulent transactions.
25  PayPal, American Express phishing kits added to 16Shop service.
25  10% of all Macs Shlayered, malware cocktail served.
25  Mozilla has banned nearly 200 malicious Firefox add-ons.
24  The Week in Ransomware – Duck for Cover!
24  Microsoft to fix Windows 7 wallpaper bug for ESU customers.
24  Get the January 2020 Patch Tuesday patches installed.
24  Microsoft releases Windows 10 builds 17763.1012, 17134.1276.
23  Apple is finally killing Flash support in Safari.
23  Lenovo provides fix for faulty Type-C ports on ThinkPad laptops.
23  Critical MDhex vulnerabilities shake the healthcare sector.
23  LastPass mistakenly removes extension from Chrome Store.
23  Woody Leonhard – January patches look relatively benign.
23  Google: Apple’s private-browsing technology allows tracking.
22  Patch Lady – Does Woody tell you to not patch?
22  Microsoft exposed 250 million customer service records online.
22  Twitter releases updated Android app to fix crashes.
21  Microsoft starts pushing Windows 10 1909 to more devices.
21  Final Windows 7 update breaks desktop wallpaper functionality.
21  This Citibank phishing scam could trick many people.
21  Actively exploited IE 11 zero-day bug gets temporary patch.
21  Apple reportedly doesn’t encrypt iCloud backups due to FBI.
20  US retailer Hanna Andersson hacked to steal credit cards.
20  Patch Lady – Windows 10 versus 7 dealing with issues.
20  Emotet malware dabbles in extortion with new spam template.
20  LastPass is in the midst of a major outage.
19  This Week in Security – by Zack Whittaker.
19  John Opdenakker’s Weekly Security Newsletter.
19  New Nest video extortion scam plays out like a spy game.
19  Hacker leaks passwords for servers, routers, and IoT devices.
17  Microsoft issues mitigation for actively exploited IE zero-day.
17  The Week in Ransomware – Never Ends.
17  How malware gains trust by abusing the Windows CryptoAPI flaw.
17  Using the Opera browser? Here’s something you need to consider.
17  Fraudsters set up site selling temporary social security numbers.
16  Google Chrome Adds Protection for NSA’s Windows CryptoAPI Flaw.
16  TrickBot now uses a Windows 10 UAC bypass to evade detection.
16  PoCs for Windows CryptoAPI bug are out, show real-life exploit risks.
15  iPhones can now double as a security key for Google accounts.
15  Windows 7 end of support: Separating the bull from the horns.
15  Microsoft’s new Edge browser released, what you need to know.
15  Microsoft Office security updates fix code execution bugs.
15  The NSA Crypt32 threat is real, but not yet imminent.
15  Data-stealing malware emerges to target North America, China.
14  Intel patches high severity flaw in VTune Performance Profiler.
14  NSA’s first public vulnerability disclosure: an effort to build trust.
14  Here is the final updates for Windows 7 and Windows Server 2008.
14  Microsoft’s January 2020 Patch Tuesday Fixes 49 Vulnerabilities.
14  Windows 10 cumulative updates KB4528760 & KB4534273 released.
14  Microsoft fixes Windows CryptoAPI spoofing flaw reported by NSA.
14  Adobe releases their January 2020 Security Updates.
14  Today’s Patch Tuesday brings fireworks and – a magic bullet?
13  Windows 7 reaches end of life tomorrow, what you need to know.
13  Microsoft will support Edge on Windows 7 for at least 18 months.
13  Emotet malware restarts spam attacks after holiday break.
13  Android Trojan steals your money to fund international SMS attacks.
13  ‘Cable Haunt’ bug plagues millions of home modems.
13  It’s time to ditch Windows 7 if you want to stay safe online.
13  Cryptic rumblings ahead of first 2020 Patch Tuesday.
12  This Week in Security – by Zack Whittaker.
12  John Opdenakker’s Weekly Security Newsletter.
12  Windows 7 reminder: get a free Windows 10 upgrade while you can.
11  The Week in Ransomware – Now Data Breaches.
11  Android Trojan kills Google Play Protect, spews fake app reviews.
11  Five US telcos vulnerable to SIM swapping attacks.
10  Australia bushfire donors affected by credit card skimming attack.
10  Beware of Amazon Prime support scams in Google search ads.
10  Fake-review purge: Facebook boots 188 groups, eBay bans 140 shills.
10  Google Chrome will support Windows 7 after end of life.
10  The December 2019 Microsoft patches get the all-clear.
10  Here’s what will happen to your Windows 7 PC on January 15.
09  Google removed Joker malware infected apps from Play Store.
09  KDE Plasma welcomes Windows 7 refugees to the Linux side.
09  Win10 version 1903 seems ready – by Woody Leonhard.
09  Unremovable malware found preinstalled on low-end smartphone.
08  Mozilla Firefox 72.0.1 patches actively exploited zero-day.
08  TikTok patches flaws that could let hackers access personal user data and manipulate videos.
07  Google’s update addressed 7 high and critical Android flaws.
07  Microsoft releases January Office updates with crash fixes.
07  LiquorBot adapts cryptomining payload to infected host.
07  Microsoft phishing scam exploits Iran cyberattack scare.
07  Firefox 72 out with fingerprinter blocking, hidden notification prompts.
07  MageCart attackers steal card info from Focus Camera shoppers.
07  Facebook bans deepfake videos in run-up to the 2020 U.S. election.
07  Google Pixel January security patch rolling out.
06  Fake Windows 10 desktop used in new police browser lock scam.
06  ToTok returned to Google Play despite ‘spy tool’ claims.
06  US Govt says Iran’s cyberattacks can disrupt critical infrastructure.
06  December 2019 updates review – by Woody Leonhard.
05  This Week in Security – by Zack Whittaker.
05  John Opdenakker’s Weekly Security Newsletter.
05  How to stop Microsoft from testing new features in Edge.
05  Cambridge Analytica leak will show global voter manipulation.
04  How to secure your Wi-Fi router & protect your home network.
03  The Week in Ransomware – Busy Holiday Season.
03  Microsoft Products Reaching End of Life in 2020.
03  Security camera removed from Nest Hub after images go public.
02  Data Breach Affects 63 Landry’s Restaurants.
01  China’s TikTok banned by US Army amid security concerns.

December, 2019  (Click listings for more information) .
31  Mozilla will comply with Californian privacy rules worldwide.
31  Sextortion email scammers try new tactics to bypass spam filters.
31  2020 Cybersecurity Trends to Watch.
31  Secure New Internet-Connected Devices.
29  This Week in Security – by Zack Whittaker.
29  Wyze exposes user data via unsecured ElasticSearch cluster.
27  Christmas malware uses “Support Greta Thunberg” as a lure.
27  Google Chrome affected by Magellan 2.0 flaws.
27  BIOLOAD malware drops fresher Carbanak backdoor.
26  Mozilla adds additional DNS-Over-HTTPS provider to Firefox.
23  Twitter fixes bug that enabled takeover of Android app accounts.
23  NVIDIA patches high severity vulnerability in GeForce Experience.
23  New botnet takes over Netgear, D-Link, Huawei routers.
22  This Week in Security – by Zack Whittaker.
22  Avast and AVG extensions added back to Mozilla Firefox.
21  Dropbox zero-day vulnerability gets temporary fix.
21  PayPal phishing attack promises to secure accounts. . .
20  The Week in Ransomware – Attacks Everywhere.
20  Tokyo 2020 staff warns of phishing disguised as official emails.
20  Windows Remote Desktop Services used for fileless malware attacks.
19  267M Facebook users’ phone numbers exposed online.
19  AdwCleaner 8.0.1 fixes DLL hijacking vulnerability.
19  Fake Star Wars streaming sites steal fans’ credit cards.
19  Exploit kit starts pushing malware via fake adult sites.
19  Emotet malware uses Greta Thunberg demonstrations as lure.
19  Bugs continue to haunt Win10 version 1909.
18  Honda exposes 26,000 records of North American customers.
18  Ring smart doorbell plagued by security issues, flood of hacks.
18  Microsoft Security Essentials to get updates after Windows 7 EoS.
18  Verizon Fios Internet is having an outage, change DNS to fix.
18  FBI warns of risks behind using free WiFi while traveling.
18  New BlueKeep scanner lets you find vulnerable Windows PCs.
17  How to block Windows 10 Update installing the new Edge browser.
17  Bug sent WhatsApp into crash loop, caused chat history loss.
17  NextDNS joins Firefox to help enhance user privacy & security.
17  Alexa, Google home eavesdropping hack not yet fixed.
17  iPhones and iPads finally get key-based protection.
16  Update Intel’s Rapid Storage app to fix bug letting malware evade AV.
16  TP-Link router bug lets attackers login without passwords.
16  Emotet Trojan is inviting you to a malicious Christmas party.
16  Over 435K security certs can be easily compromised.
16  Police get big data haul from Google with geofence warrants.
16  Inside ‘Evil Corp,’ a $100M Cybercrime Menace.
15  This Week in Security – by Zack Whittaker.
15  Microsoft pushes Windows 10 Autopilot update by mistake.
15  Google halts Chrome 79 update after it breaks some Android apps.
14  The Week in Ransomware – Data Extortion.
13  Attackers terrify homeowners after hacking Ring Devices.
13  Attackers steal credit cards in Rooster Teeth data breach.
13  Apple to fix bug that bypasses Communication Controls for kids.
12  VISA warns of ongoing cyber attacks on gas pump PoS systems.
12  New Echobot variant exploits 77 remote code execution flaws.
12  Win7 servicing stack update KB 4523206 may lock up your PC.
12  Counterfeit sneaker sites hacked to steal credit cards.
11  Smart Krampus-3PC malware targets iPhone users.
11  Apple fixes ‘AirDoS’ bug that cripples nearby iPhones, iPads.
11  “Aw Snap!” crash makes a comeback in Chrome 79.
11  Patch Tuesday brings a reprise of the Autopilot debacle . . . .
11  Microsoft Office security updates fix remote execution bugs.
10  Chrome 79 released with security improvements, and more.
10  Apple releases iOS 13.3, watchOS 6.1.1, and tvOS 13.3.
10  Intel patches Plundervolt, high severity issues in update.
10  Here’s what’s new for Windows 7 & 8.1 this Patch Tuesday.
10  Microsoft’s Patch Tuesday fixes Win32k zero-day, 36 flaws.
10  Win10 KB4530684 & KB4530715 cumulative updates released.
10  Adobe releases their December 2019 security updates.
10  Chrome uses Safe Browsing to improve phishing protection.
09  What to ask before buying internet-connected toys.
09  Trojan abuses Google Suite, baits with annual bonuses.
09  Patch Tuesday’s coming! – by Woody Leonhard.
08  This Week in Security – by Zack Whittaker.
08  Fake Elder Scrolls Online devs run PlayStation phishing scam.
07  Clever Microsoft phishing scam creates a local login form.
07  FBI recommends securing your smart TVs and IoT devices.
06  The Week in Ransomware – “We have seen better days”.
06  Fake VPN site pushes CryptBot & Vidar info-stealing Trojans.
06  Users on Win10 version 1809 are starting to be moved to 1909.
06  Some hardware-based password managers have poor security.
05  New Linux vulnerability lets attackers hijack VPN connections.
05  Original Surface Books with swollen batteries, a cautionary story.
05  AT&T, Verizon subscribers mobile bills turn up on the open Web.
05  All’s clear to install Microsoft’s November patches.
04  Microsoft Remote Desktop Client for iOS is back after bug fixes.
04  Ubuntu Linux gets Intel microcode update to fix CPU hangs.
04  Fix issued for the 2019 13-inch MacBook Pro shutdown issue.
04  Patch Lady – watch out for banner ad scams.
04  Reported profile problems with the newly updated Firefox.
03  Smith & Wesson site hacked to steal customer payment info.
03  Microsoft releases 2019 Office updates with Auth issue fix.
03  Firefox 71 released with picture-in-picture support and more.
03  Android ups mobile security with default TLS encryption.
03  FTC warns of scam spreading scary terrorism allegations.
03  Avast & AVG Firefox extensions pulled from Mozilla addon site.
03  Security patch brings some Pixel 4 features to older Pixels.
02  Facebook Ads Manager targeted by new info-stealing Trojan.
02  Microsoft warns of spear phishing attacks, tips to dodge them.
02  Fake Steam skin giveaway site steals your login credentials.
02  Actively exploited StrandHogg vulnerability affects Android OS.
01  This Week in Security – by Zack Whittaker.
01  Microsoft Remote Desktop 10.0 for iOS released, then pulled.